In many situations, for example, when a person interacts with an Interactive Voice Recognition (IVR) system, or when a person interacts with an agent during an on-line chat session, it is necessary to give an agent sensitive information. The delivery of such information under these circumstances is not ideal and can cause concern for the system user.
In the IVR situation, traditional call centers employ agents to answer incoming calls from users. The agents are arranged into one or more groups and the incoming calls are automatically distributed to each of the agents following well-known algorithms for such incoming call distribution. Such systems are known as automatic call distribution (ACD) systems.
In many situations, the actual incoming call is directed to an IVR which is essentially an automatic (robotic) system that initiates a dialog with the caller in an attempt to determine and, if possible, respond to, the caller's requirements The IVR is designed to attempt to satisfy as much of the caller's agenda as possible with the goal being to avoid involving a live agent to the extent possible. These systems are well-known and operate to significantly reduce per-call costs.
When the IVR is unable to satisfy the caller's requirements the incoming call then enters the ACD system and is placed in a queue waiting for the next available agent. Information collected in the IVR can be used to route the caller to an agent with appropriate skills to interact with the caller. When the caller is connected to the agent, the agent converses with the caller in an attempt to resolve any remaining issues. When all the remaining issues are settled, the agent disconnects the call.
During the conversation between the calling user and the agent, the agent often must perform a task for the caller, such as charging a credit card, or accessing a specific record. This process may require that the caller reveal sensitive information to the agent, such as a credit card number, a social security number, birthdates, passwords, addresses, phone numbers, email addresses, etc. Typically, this sensitive information is used by the agent to help resolve an issue, such as the identity of the calling user, or the identity of a document. Some calling users are concerned about the exposure of such information to a person (the agent) that they do not know and who often is located in a country foreign to where the calling user is located. Since privacy concerns may not be uniform around the world, calling users are justified in their concern.
The outsourcing of call center and even chat-room agents to foreign countries has greatly exacerbated the security problem. Using modern networking technologies, call centers are able to locate agents in locations where labor costs are lower. In these scenarios, it becomes difficult to control the exposure of private information. Certain types of applications can run afoul of various privacy, such as HIPPA in the US and the EDDP (European Directive on Data Protection) in the EU.